Analysis
max time kernel: 118s
max time network: 125s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64 arch:x86 image:win7-20231215-en locale:en-us os:windows7-x64 system
submitted: 31/12/2023, 18:38
Behavioral task: behavioral1
Sample: 3ac3a8e6a40da030174b5ff7e9bd4629.exe
Resource: win7-20231215-en
Behavioral task: behavioral2
Sample: 3ac3a8e6a40da030174b5ff7e9bd4629.exe
Resource: win10v2004-20231215-en
General
Target: 3ac3a8e6a40da030174b5ff7e9bd4629.exe
Size: 5.8MB
MD5: 3ac3a8e6a40da030174b5ff7e9bd4629
SHA1: 6dfd83ee27aa79d2df598709e45a43dff932ba9a
SHA256: 59d0b3c9143fa50ccb91b216610efaa1141ea64944d2ebec803489c86159f274
SHA512: 3c4b37b1be3e418fd83a7ac91c631c883ce8ae4d8e45945206261e32db577fabb2c15ff84b4ea96840a3f6a7e2f56de6a2028bd9c5527f33b9678478725c6f98
SSDEEP: 98304:lK6EKW9ln4i/5Agg3gnl/IVUs1jePsA36t8wSIeQFBkdpqdgg3gnl/IVUs1jePs:AJJ9tOgl/iBiPTVJRQPkd6gl/iBiP
Malware Config
Signatures
Deletes itself (1 IoCs)
    pid 2792, process 3ac3a8e6a40da030174b5ff7e9bd4629.exe
Executes dropped EXE (1 IoCs)
    pid 2792, process 3ac3a8e6a40da030174b5ff7e9bd4629.exe
Loads dropped DLL (1 IoCs)
    pid 2184, process 3ac3a8e6a40da030174b5ff7e9bd4629.exe
YARA rule "upx" matched the following resources:
    behavioral1/memory/2184-0-0x0000000000400000-0x00000000008EF000-memory.dmp
    behavioral1/files/0x000a00000001226e-14.dat
    behavioral1/memory/2792-16-0x0000000000400000-0x00000000008EF000-memory.dmp
    behavioral1/files/0x000a00000001226e-10.dat
Suspicious behavior: RenamesItself (1 IoCs)
    pid 2184, process 3ac3a8e6a40da030174b5ff7e9bd4629.exe
Suspicious use of UnmapMainImage (2 IoCs)
    pid 2184, process 3ac3a8e6a40da030174b5ff7e9bd4629.exe
    pid 2792, process 3ac3a8e6a40da030174b5ff7e9bd4629.exe
Suspicious use of WriteProcessMemory (4 IoCs)
    description | pid | process | procid_target
    PID 2184 wrote to memory of 2792 | 2184 | 3ac3a8e6a40da030174b5ff7e9bd4629.exe | 28
    PID 2184 wrote to memory of 2792 | 2184 | 3ac3a8e6a40da030174b5ff7e9bd4629.exe | 28
    PID 2184 wrote to memory of 2792 | 2184 | 3ac3a8e6a40da030174b5ff7e9bd4629.exe | 28
    PID 2184 wrote to memory of 2792 | 2184 | 3ac3a8e6a40da030174b5ff7e9bd4629.exe | 28
Processes
Depth 1: C:\Users\Admin\AppData\Local\Temp\3ac3a8e6a40da030174b5ff7e9bd4629.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\3ac3a8e6a40da030174b5ff7e9bd4629.exe"
    PID: 2184
    - Loads dropped DLL
    - Suspicious behavior: RenamesItself
    - Suspicious use of UnmapMainImage
    - Suspicious use of WriteProcessMemory
Depth 2: C:\Users\Admin\AppData\Local\Temp\3ac3a8e6a40da030174b5ff7e9bd4629.exe
    Command line: C:\Users\Admin\AppData\Local\Temp\3ac3a8e6a40da030174b5ff7e9bd4629.exe
    PID: 2792
    - Deletes itself
    - Executes dropped EXE
    - Suspicious use of UnmapMainImage
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 381KB
MD5: 23d8a1b5205706ad2dc618329b9c7d54
SHA1: 77555d44aa827dec32db7e9bdf79cce65b000319
SHA256: fb90c6e59d5771d1cf999f7129c0d3b23e328a0267c18ed1edb3d92e21e17465
SHA512: de1f570c9ad232b7582037f00690c1c6164957b9e7ca1afc5091ed00ccb600d0b7cb30ed51d997155dc4703ee236ef7260d3021af9dd6554ffb0fb98a18d6e76

Filesize: 1.7MB
MD5: ef90a2c6265cd31f77f765d075c698d6
SHA1: 7e0c3c8619d2d827c0ba36add4b6a08d7d649a71
SHA256: 3fd8f1a53ee3a21f668749e1aaff70638e9688c05b8e7ab0ce2f4f69b7d1d605
SHA512: d8f38f99c4e5d0b0c917fa85c623194525a7b0030e2cc24a939c2c462b9a74a830aad1f5dc99d3a20086d1cf0681ad646573fb426d19e64e07ede3562c2e0d3b